-- The MAILING DATE of this communication appears on the cover sheet with the correspondence address --
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed
after SIX (6) MONTHS from the mailing date of this communication. 

• If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

• If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

• Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 

- Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1) [X] Responsive to communication(s) filed on 15 April 2003.
2a) [ ] This action is FINAL. 2b) [X] This action is non-final.

3) [ ] Since this application is in condition for allowance except for formal matters, prosecution as to the merits is closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213.

Disposition of Claims 

4) [X] Claim(s) 1-3,5-42,44-81 and 83-117 is/are pending in the application.

4a) Of the above claim(s) is/are withdrawn from consideration.

5) [ ] Claim(s) is/are allowed.

6) [X] Claim(s) 1-3,5-42,44-81,83-117 is/are rejected.

7) [ ] Claim(s) is/are objected to.

8) [ ] Claim(s) are subject to restriction and/or election requirement.

Application Papers 

9) [ ] The specification is objected to by the Examiner.

10) [ ] The drawing(s) filed on is/are: a) [ ] accepted or b) [ ] objected to by the Examiner.

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a).

11) [ ] The proposed drawing correction filed on is: a) [ ] approved b) [ ] disapproved by the Examiner.

If approved, corrected drawings are required in reply to this Office action.

12) [ ] The oath or declaration is objected to by the Examiner.

Priority under 35 U.S.C. §§ 119 and 120 

13) [ ] Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f).

a) [ ] All b) [ ] Some * c) [ ] None of:

1. [ ] Certified copies of the priority documents have been received.

2. [ ] Certified copies of the priority documents have been received in Application No. .

3. [ ] Copies of the certified copies of the priority documents have been received in this National Stage application from the International Bureau (PCT Rule 17.2(a)).

* See the attached detailed Office action for a list of the certified copies not received.

14) [ ] Acknowledgment is made of a claim for domestic priority under 35 U.S.C. § 119(e) (to a provisional application).

a) [ ] The translation of the foreign language provisional application has been received.

15) [ ] Acknowledgment is made of a claim for domestic priority under 35 U.S.C. §§ 120 and/or 121.

Attachment(s) 

1) [X] Notice of References Cited (PTO-892)
2) [ ] Notice of Draftsperson's Patent Drawing Review (PTO-948)
3) [ ] Information Disclosure Statement(s) (PTO-1449) Paper No(s) .
4) [ ] Interview Summary (PTO-413) Paper No(s). .
5) [ ] Notice of Informal Patent Application (PTO-152)
6) [ ] Other:

DETAILED ACTION



Response to Arguments 

1. Applicant's arguments with respect to claims 1-3,5-42,44-81, and 83-117 have been
considered but are moot in view of the new ground(s) of rejection. 



Claim Rejections - 35 USC § 103

2. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness
rejections set forth in this Office action:

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are
such that the subject matter as a whole would have been obvious at the time the invention was made to a person
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the
manner in which the invention was made.

3. Claims 1,5-11,14,16,17,21,22,40,44-50,53,55,56,60,61,79,83-89,92,94,95,99, and 100
are rejected under 35 U.S.C. 103(a) as being unpatentable over Freier et al.

As per claims 1,5,40,44,79, and 83, it is disclosed by Freier et al of establishing an SSL
session that includes multiple secure (network) connections and parties may have multiple
simultaneous (multiplexed) sessions (tunnels)(pg 9-10, Section 5.1). The SSL protocol is
configured to establish a (single) secure (encrypted) connection (tunnel) between a client and a
server communicating across an insecure channel whereby both parties (client and server) are
authenticated to each other (after the secure connection is opened)(pg 49, Section F & F.1.1). At
a lowest level, SSL is layered on top of TCP (user level) which is a transport protocol (pg 3,
Section 1). The teachings of Freier et al disclose of establishing multiplexing and tunneling (secure
connection). The teachings are silent in disclosing of either of the endpoints of the being able to 
receive data or receive connection. The examiner hereby takes official notice that such a concept 
is notoriously well known to one of skill in the art. It would have been obvious to a person of 
ordinary skill in the art to have been motivated to apply a means of being able to receive data and 
to receive connection requests. It is notoriously well known to one of skill that in order to 
establish a connection between two parties (endpoints), one of the parties (endpoints) have to 
initiate the connection whereby the other receives the request for connection and if the connection 
is authenticated (in light of the teachings of Freier et al), the connection is permitted between the 
two. Additionally, the teachings of Freier et al disclose of establishing a secure tunnel between 
two parties (endpoints) whereby it is notoriously well known that either of the two can receive
data wherein one of the locations is a sender and the other is the recipient of the information. It is
obvious that the teachings of Freier et al comprise the features of at least one of the parties
(endpoints) being able to receive connection requests and to receive data for that is the intent of
the teachings to establish a secure tunnel (connection) which mutually authenticates both parties
(endpoints) and upon successful authentication, secure communications is permitted which would
include the sending and receiving of data (pg 49, Section F & F.1.1).

As per claims 3,42, and 81, it is disclosed by Freier et al of the use of SSL and by 
establishing secure tunnels. Symmetric keys are used for data encryption (secure connection)(pg 
4, Section 1). 

As per claims 6,7,11,45,46,50,84,85, and 89, it is disclosed by Freier et al of a means
which uses multiplexing and the establishment of secure tunnels. The teachings of Freier et al are
silent on disclosing the use of maintaining sufficient send buffers for receiving forwarded data
between endpoints and maintaining buffer [illegible]. The examiner hereby takes
official notice that such a concept is notoriously well known. It would have been obvious to a
person of ordinary skill in the art that the use of buffers is necessary since large amounts of data 
can not be in complete form, but rather in segmented portions by means such as packets or 
frames. Since the information has to be segmented, it is held in a temporary storage which holds 
it until all the information has been received where it will then be reassembled into its original 
form where it can then be executed. Since it is notoriously well known that a processor cannot
properly execute portions of data or if the data is out of order, buffering the data would allow the 
data in its entirety to be successfully executed if it is sent through a single connection or 
transferred to multiple destinations via multiplexing. Although the teachings of Freier et al are 
silent on this concept, it is obvious that there exists sufficient buffers to handle large volumes of 
information that which are transferred across networks in a secure manner. 

As per claims 8-10,47-49, and 86-88, the teachings of Freier et al are silent in disclosing the
use of queuing data received at a destination, dispatching the queued data to a final destination,
and to acknowledge the receipt of the data which tracks the usage of buffers at the endpoint. The
examiner hereby takes official notice that such a concept is notoriously well known. It would
have been obvious to a person of ordinary skill that it is notoriously well known that the use of
buffers is necessary since large amounts of data can not be in complete form, but rather in
segmented portions by means such as packets or frames. Since the information has to be 
segmented, it is held in a temporary storage which holds it until all the information has been 
received where it will then be reassembled into its original form where it can then be executed. 
The information is then placed in a queue which accepts stages the data as a first in, first out 
pattern and the recipient then reassembles the data and checks to see if all the data has been 
correctly received. The information in the buffers is tracked to monitor the data flow to insure 
that all the data is received. It is obvious that the teachings of Freier et al utilizes a queue for 
staging data as is notoriously known to one of skill in the art. 

As per claims 14,16,17,21,22,53,55,56,60,61,92,94,95,99 and 100, it is recited by Freier 
et al of a secure connection (portals) between a client and a server. The teachings of Freier et al 
are silent in disclosing of the use of a client operating behind a firewall (gate) and the use of
communications between an Intranet and the Internet. The examiner hereby asserts that it is 
obvious to make of these features. SSL is known as a protocol which can be implemented in any 
networking environment and as long as the two parties are authenticated to one another, based on 
the teachings of Freier et al (pg 49, Section F & F.1.1), the secure connection can be established.
The teachings of Freier et al only disclose of the establishment of a connection between a client 
and server, but alternative forms of connections can occur across the Internet with connections to 
local area networks, Intranets, or other destinations. The locals are typically protected by means 
of a firewall which is known as a security system to protect an organization's network from 
external threats across the Internet and all communications are routed through a proxy server
outside the organization to protect the network from communicating directly with potential 
attackers. It is obvious that SSL can be applied to different infrastructures wishing to establish 
secure connections with one another. 

4. Claims 2,28-39,41,67-78,80, and 106-117 are rejected under 35 U.S.C. 103(a) as being
unpatentable over Freier et al in view of Fryer et al. 

As per claims 2,41, and 80, Freier et al discloses of the use of TCP (pg 3, Section 1). The 
teachings of Freier et al are silent in disclosing the use of UDP (User Datagram Protocol). It is
disclosed by Fryer et al that UDP is a connectionless protocol within TCP/IP (pg 482). It would 
have been obvious to a person of ordinary skill in the art at the time of the invention to have been 
motivated to apply UDP as an alternative protocol. Fryer et al discloses the benefits of UDP by 
reciting that UDP converts messages generated by an application into packets which are sent via 
IP, but does not verify that messages have been delivered correctly and it is more efficient than 
TCP (pg 482). The teachings of Freier et al do disclose of the use of TCP/IP (pg 39, Appendix 
B) and it would have been obvious that the teachings of Freier et al would have benefitted by 
utilizing UDP as an efficient means of transferring information as disclosed by Fryer et al. 

As per claims 28-39,67-78, and 106-117, it is disclosed by Freier et al of establishing an
SSL session that includes multiple secure (network) connections and parties may have multiple 
simultaneous (multiplexed) sessions (tunnels)(pg 9-10, Section 5.1). The SSL protocol is 
configured to establish a (single) secure (encrypted) connection (tunnel) between a client and a
server communicating across an insecure channel whereby both parties (client and server) are
authenticated to each other (after the secure connection is opened)(pg 49, Section F & F.1.1).
The teachings of Fryer et al are relied upon for the use of UDP. The teachings of Freier et al are 
silent in disclosing of the use of record exchanges between the endpoints wherein an usheropen, 
usheropenreply, ushersend, usherclose, ushersendudp, usherack, usherend, and usherrst records. 



The examiner hereby takes official notice that the use of those records are notoriously well known 
as protocol standards for establishing connections and allowing computers to communicate with 
one another. It would have been obvious to a person of ordinary skill in the art at the time of the 
invention to have been inclined to use a particular type of protocol to set up communications with 
a remotely located node and that there are procedures that have to occur in order for the 
communications to take place. Using an usheropen command would allow a connection to be 
opened, the usheropen reply is a reply responsive to the usheropen command, the ushersend 
command passes the information, the usherack acknowledges the information that which is 
received, the usherclose command ends the connection, the ushersendudp command initiates the
sending of UDP packets, the usherend command terminates a connection, and the usherrst 
command resets the connection. In any of the situations, the particular protocol type commands 
are responsive to conditions that dictate the success of a connection, for the cause of the usherack 
command, if an acknowledgment is unsuccessful, then the connection can not be established, it 
may or may not retry sending for an acknowledgment and then may time out without a connection 
being established. It is obvious that the teachings of Freier et al follow the protocols of TCP that
obey the rules that govern the particular type of protocol as is notoriously well known that which 
is used for establishing connections and allowing the respective computers to communicate. 

5. Claims 12,51, and 90 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Freier et al in view of Griffiths et al. 

It is disclosed by Freier et al of the establishment of a secure tunnel across the Internet. 
The teachings of Freier et al are silent on disclosing of resolving domain names. It is taught by 
Griffiths et al of the use of a domain name system which resolves domain names (col. 11, lines 59- 
63). It would have been obvious to a person of ordinary skill in the art at the time of the 
invention to have been motivated to apply a means to resolve domain names in order to establish a 
connection with a remotely located web site. Griffiths et al recites motivation for the use of DNS 
by reciting that it is essential that domain name has an associated IP address that needs to be 
determined from the URL address. Since the user enters a URL address, it must be resolved to a 
specific IP address in order to access the web site (col. 11, line 59 through col. 12, line 15). It is 
obvious that the teachings of Freier et al use domain name resolving since it is essential for this to 
occur unless if the particular user knows the IP address which can then be entered. 

6. Claims 13,52, and 91 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Freier et al in view of the Netscape Handbook. 

It is disclosed by Freier et al of establishing an SSL session that includes multiple secure
(network) connections and parties may have multiple simultaneous (multiplexed) sessions 
(tunnels)(pg 9-10, Section 5.1). The SSL protocol is configured to establish a (single) secure 
(encrypted) connection (tunnel) between a client and a server communicating across an insecure 
channel whereby both parties (client and server) are authenticated to each other (after the secure 
connection is opened)(pg 49, Section F & F.1.1). The teachings of Freier et al are silent in
disclosing of the use of SOCKS mode. The Netscape Handbook discloses of the use of SOCKS 
which is software that allows computers inside a firewall to gain access to the Internet and is 
usually installed on a server positioned either inside or on the firewall (pg 15-16). It would have 
been obvious to a person of ordinary skill in the art at the time of the invention to have been 
motivated to apply SOCKS as a means of accessing information on the Internet. The Netscape 
Handbook recites motivation for the use of SOCKS as allowing a client inside a firewall gain 
access to the Internet. It is obvious that the teachings of Freier et al would have used SOCKS 
since clients access information across the Internet and SOCKS is the protocol which allows the 
communications. 

7. Claims 15,18-20,23-25,54,57-59,62-64,93,96-98, and 101-103 are rejected under 35 
U.S.C. 103(a) as being unpatentable over Freier et al in view of Coley et al. 

The teachings of Freier et al disclose of the use of SSL which provides a secure channel 
(portal). It is obvious that the teachings of Freier et al can be utilized in the environment of 
Internet and an Intranet which utilize a firewall (see motivation in the cited rejection of claims
14,16,17,21,22,53,55,56,60,61,92,94,95,99 and 100). It is obvious that the teachings of Freier et
al can implement a firewall, but the disclosure is silent in reciting of the use of a bastion firewall 
host computer. It is disclosed by Coley et al of this feature of a bastion firewall host computer 
(col. 12, line 12). It would have been obvious to a person of ordinary skill in the art to have been 
motivated to apply a bastion firewall since Coley et al recites motivation for the use of a bastion 
firewall by disclosing that using a firewall as a bastion host, it acts on behalf of the user and the 
identity of the internal network elements is preserved since the firewall protects the identity of 
whose elements it is acting on behalf of and the external users see the address of the firewall, not 
the internal elements, namely the user's client computer (col. 12, lines 14-24). The teachings of
Freier et al would have benefitted from this feature to allow the user's identity to be further 
protected in addition to establishing a secure connection with a trusted location and the teachings 
of Coley et al add an additional security measure which would not have affected the operations of 
the teachings of Freier et al. 

8. Claims 26,65, and 104 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Freier et al in view of Raz. 

The teachings of Freier et al are silent in disclosing of the use of communications between 
an Intranet and the Internet. The examiner hereby asserts that it is obvious to make of these
features. SSL is known as a protocol which can be implemented in any networking environment 
and as long as the two parties are authenticated to one another, based on the teachings of Freier et
al (pg 49, Section F & F.1.1), the secure connection can be established. The teachings of Freier et
al only disclose of the establishment of a connection between a client and server, but alternative 
forms of connections can occur across the Internet with connections to local area networks, 
Intranets, or other destinations. It is obvious that SSL can be applied to different infrastructures 
wishing to establish secure connections with one another. 

The teachings of Freier et al are silent in reciting of the use of a second Intranet. It is 
disclosed by Raz of the use of multiple Intranets (col. 11, lines 56-57). It would have been 
obvious at the time of the invention to have been motivated to apply additional Intranets to allow 
multiple users residing on different Intranets access to the Internet. The teachings of Raz recite 
motivation for the use of multiple Intranets by disclosing firewalls protect the Intranets and SSL is 
used to protect the transaction data that is conducted by the clients located on the Intranets and 
the servers located on the Internet (col. 11, lines 53-64). It is obvious that the teachings of Freier 
et al are not limited to just one Intranet, but rather to multiple Intranets to allow for secure 
transactions to be conducted via SSL from any location. 

9. Claims 27,66, and 105 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Freier et al in view of Raz in further view of Coley et al.

The teachings of Freier et al are silent in disclosing of the use of a client operating behind 
a firewall (gate) and the use of communications between an Intranet and the Internet. The 
examiner hereby asserts that it is obvious to make of these features. SSL is known as a protocol
which can be implemented in any networking environment and as long as the two parties are
authenticated to one another, based on the teachings of Freier et al (pg 49, Section F & F.1.1), the
secure connection can be established. The teachings of Freier et al only disclose of the 
establishment of a connection between a client and server, but alternative forms of connections 
can occur across the Internet with connections to local area networks, Intranets, or other 
destinations. The locals are typically protected by means of a firewall which is known as a 
security system to protect an organization's network from external threats across the Internet and 
all communications are routed through a proxy server outside the organization to protect the 
network from communicating directly with potential attackers. It is obvious that SSL can be 
applied to different infrastructures wishing to establish secure connections with one another. 

It is obvious that the teachings of Freier et al can implement usage of a firewall, but are 
silent in disclosing the use of a bastion firewall host computer. It is disclosed by Coley et al of 
this feature of a bastion firewall host computer (col. 12, line 12). It would have been obvious to a 
person of ordinary skill in the art to have been motivated to apply a bastion firewall since Coley et 
al recites motivation for the use of a bastion firewall by disclosing that using a firewall as a bastion 
host, it acts on behalf of the user and the identity of the internal network elements is preserved 
since the firewall protects the identity of whose elements it is acting on behalf of and the external 
users see the address of the firewall, not the internal elements, namely the user's client computer 
(col. 12, lines 14-24). The teachings of Freier et al would have benefitted from this feature to 
allow the user's identity to be further protected in addition to establishing a secure connection
with a trusted location and the teachings of Coley et al add an additional security measure which 
would not have affected the operations of the teachings of Freier et al. 

Conclusion 

10. Any inquiry concerning this communication or earlier communications from the examiner
should be directed to Christopher Revak whose telephone number is (703) 305-1843. The 
examiner can normally be reached on Monday-Thursday from 6:30 am to 4:00 pm. The examiner 
can also be reached on alternate Fridays from 6:30 am to 3:00 pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor,
Ayaz Sheikh, can be reached on (703) 305-9648. The fax phone number for the organization
where this application or proceeding is assigned as follows:

for After-Final Communications: (703) 746-7238;
for Official Communications: (703) 746-7239;
for Non-Official Communications: (703) 746-7240.

Any inquiry of a general nature or relating to the status of this application or proceeding
should be directed to the receptionist whose telephone number is (703) 305-3900.